Analyst, Security Awareness

Job Description

Information Security Governance, Risk and Compliance is looking for a Security Awareness Analyst to become a member of the team at PlayStation. Located within regular commuting distance of our Rancho Bernardo San Diego, CA office, the successful candidate will develop, build, and deliver an outstanding Security Awareness Program to employees worldwide. With so much creative talent at PlayStation, the possibilities are many and really only limited by the imagination and influence of the individual!

Responsibilities:
1. Program Development
• Develop and sustain an engaging Security Awareness Program that influences attitudes and changes behaviors to build a safer work environment.
• Ensure the Program meets Sony Group compliance requirements and relevant industry regulations and standards.
• Document and maintain a roadmap that summarizes Program objectives, benefits, timings, and progress to date.
• Analyze expenditure and prepare annual Program budget proposals.
• Socialize the Program with regional Information Security Officers and lead its global adoption, taking into consideration different cultures, nationalities and languages.
• Solicit feedback from Information Security Officers and other partners to identify gaps and opportunities to evolve the Program.
• Continuously evaluate and manage Program vendors and services.
• Ensure the availability of SaaS applications and renewal of subscription licenses.
• Analyze metrics from all regions and prepare consolidated performance reporting to illustrate impact on both learners and security risk reduction to demonstrate Program effectiveness.

2. Project Management
• Introduce new Program Improvements:
• Assess feasibility by evaluating different options and highlighting key differentiators (where appropriate, conduct formal RFP engagement with multiple vendors).
• Develop a plan that explains Improvement objectives, benefits, design, implementation tasks, timings, operational roles and responsibilities, communications, training and support.
• Influence partners to ensure the Improvement has the awareness and sponsorship to succeed.
• Motivate contributors to complete tasks against agreed milestones and call out challenges or delays.
• Prepare regular status reports on progress.
• Develop performance indicators and measure the impact of newly implemented Improvements.
• Plan and deliver engaging activities for Cyber Security Awareness Month in October.

3. Operations
• Acquire and curate content for the Program.
• Deliver Security Awareness training and Simulated Phishing emails to Americas region.
• Ensure delivery of campaigns and training in other regions.
• Publish informative articles on regional Intranets and coordinate email communications to worldwide audience through Corporate Communications.
• Respond to queries from employees.
• Organize and host events through a variety of mediums (e.g. online, lunch-and-learns, workshops, and seminars).
• Other duties as prescribed by the Program.

Experience and Skills:
• Minimum 3 years of Information Security experience, alternatively, minimum of 5 years of Marketing/Communications/Organization Change Management/Training experience (or any combination thereof).
• Relevant Bachelor's Degree.
• Confident ''people person'' that can casually establish and maintain productive working relationships.
• Leadership skills that can influence and coordinate activities through others.
• Good communication skills to work with all levels of the organization.
• Attentive, organized and good attention to detail.
• Quick learner with the ability to multi-task.
• Proactive and self-motivated, yet capable of forming a team as needed.
• Ability to take complex topics and form simple and concise messaging.
• Professional writer, able to research and prepare timely, high quality, clearly-written materials free of grammatical errors and spelling mistakes.
• Experience speaking publicly to large audiences at workshops/events/seminars either as trainer or an authority on the presentation material.
• Good working knowledge of Office 365.
• CISSP or ISO/IEC 27001 Lead Implementer an advantage.

Jobcode: Reference SBJ-rve167-3-145-130-31-42 in your application.